railway-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection (Category 8) due to its interaction with external cloud data.
  - Ingestion points: The skill ingests untrusted data from the Railway API, including project names, service details, and environment variable values via the `GetProject` and `GetVariables` queries.
  - Boundary markers: Absent; there are no instructions provided to the agent to treat API responses as untrusted data or to ignore instructions embedded within those responses.
  - Capability inventory: The skill allows for high-privilege operations including triggering deployments (`deploymentTrigger`) and performing CRUD operations on environment variables (`variableUpsert`, `variableDelete`).
  - Sanitization: No sanitization or validation logic is specified for data retrieved from the API before it is used in subsequent operations.
- [SAFE] (SAFE): All authentication examples in `SKILL.md` use safe placeholders (e.g., `<token>`, `secret-value`) rather than hardcoded credentials.
- [SAFE] (SAFE): No malicious obfuscation, persistence mechanisms, or unauthorized network operations were detected. The use of `curl` is limited to legitimate Railway API endpoints.
Audit Metadata